From: Nobody on
On Wed, 03 Mar 2010 03:37:44 +0100, Victor Stinner wrote:

>> I see, makes perfect sense. This then raises the question whether it's
>> important to have a 100% foolproof Python sandbox without help from
>> the OS, or this goal is not only too ambitious but also not really a
>> useful one.
>
> This is just impossible :-) PHP tried that but it's too hard to write an
> exhaustive blacklist because too much code has to be modified. If you
> require a 100% foolproof sandbox, you have to use a sandbox between the
> Python process and the OS (and not inside the Python process).

It's entirely feasible to implement a perfect sandbox at the language
level. But you have to design this in from the beginning. If you try to
retro-fit it, you end up either failing or with an entirely different
language.

A black-list approach won't work; you have to deny by default then
white-list "safe" functionality.
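
The deny-by-default point above, as an added example that is not part of the original post: a small arithmetic evaluator that walks the AST and evaluates only node types on an allow-list, next to a substring deny-list for contrast. The names `safe_eval`, `Rejected`, `denylist_accepts` and `DENY` are hypothetical, and the result is a small expression language rather than a sandbox for full Python.

```python
import ast
import operator

# Allow-list (assumed for this example): only these operators are evaluated.
_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
            ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}


class Rejected(ValueError):
    """Raised for any construct that is not explicitly allow-listed."""


def safe_eval(expr, names=None):
    """Evaluate arithmetic over numbers and caller-supplied names only."""
    names = names or {}

    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        # type() check, not isinstance(): bool and str constants stay denied.
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.Name) and node.id in names:
            return names[node.id]
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            return _BIN_OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
            return _UNARY_OPS[type(node.op)](walk(node.operand))
        # Default branch: calls, attributes, subscripts, lambdas, unknown names.
        raise Rejected(f"{type(node).__name__} is not allow-listed")

    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise Rejected("not a valid expression") from exc
    return walk(tree)


# Deny-list filter for contrast: it blocks only the words its author listed.
DENY = ("import", "open", "exec", "eval")


def denylist_accepts(expr):
    return not any(word in expr for word in DENY)
```

Attribute access such as `(1).__class__` contains none of the denied words, so the deny-list filter accepts it, while `safe_eval` rejects it because `Attribute` was never allow-listed.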